1 /* tkt.c ticket handling
2 * Copyright (C) 2002, 2003 Simon Josefsson
4 * This file is part of Shishi.
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
29 Shishi_asn1 enckdcreppart
;
30 Shishi_asn1 encticketpart
;
35 shishi_tkt_clientrealm_set (Shishi_tkt
* tkt
, char *realm
, char *client
)
39 res
= shishi_encticketpart_crealm_set (tkt
->handle
,
40 tkt
->encticketpart
, realm
);
44 res
= shishi_encticketpart_cname_set (tkt
->handle
,
46 SHISHI_NT_UNKNOWN
, client
);
54 shishi_tkt_serverrealm_set (Shishi_tkt
* tkt
, char *realm
, char *server
)
58 res
= shishi_ticket_srealmserver_set (tkt
->handle
, tkt
->ticket
,
63 res
= shishi_enckdcreppart_srealmserver_set
64 (tkt
->handle
, tkt
->enckdcreppart
, realm
, server
);
72 shishi_tkt_build (Shishi_tkt
* tkt
, Shishi_key
* key
)
76 res
= shishi_ticket_add_enc_part (tkt
->handle
, tkt
->ticket
,
77 key
, tkt
->encticketpart
);
86 * @ticket: input variable with ticket info.
87 * @client: output buffer that holds client name of ticket.
88 * @clientlen: on input, maximum size of output buffer,
89 * on output, actual size of output buffer.
91 * Return value: Returns client principal of ticket.
94 shishi_tkt_client (Shishi_tkt
* tkt
, char *client
, int *clientlen
)
96 return shishi_principal_name_get (tkt
->handle
, tkt
->kdcrep
,
97 "cname", client
, clientlen
);
101 shishi_tkt_client_p (Shishi_tkt
* tkt
, const char *client
)
107 buflen
= strlen (client
) + 1;
108 buf
= malloc (buflen
);
112 res
= shishi_tkt_client (tkt
, buf
, &buflen
);
113 if (res
!= SHISHI_OK
)
120 if (strcmp (client
, buf
) != 0)
132 shishi_tkt_cnamerealm (Shishi_tkt
* tkt
, char *cnamerealm
, int *cnamerealmlen
)
134 return shishi_principal_name_realm_get (tkt
->handle
,
135 tkt
->kdcrep
, "cname",
136 tkt
->kdcrep
, "crealm",
137 cnamerealm
, cnamerealmlen
);
141 shishi_tkt_cnamerealm_p (Shishi_tkt
* tkt
, const char *client
)
147 buflen
= strlen (client
) + 1;
148 buf
= malloc (buflen
);
152 res
= shishi_tkt_cnamerealm (tkt
, buf
, &buflen
);
153 if (res
!= SHISHI_OK
)
160 if (strcmp (client
, buf
) != 0)
173 * @tkt: input variable with ticket info.
175 * Return value: Returns actual ticket.
178 shishi_tkt_ticket (Shishi_tkt
* tkt
)
184 * shishi_tkt_enckdcreppart:
185 * @tkt: input variable with ticket info.
187 * Return value: Returns auxilliary ticket information.
190 shishi_tkt_enckdcreppart (Shishi_tkt
* tkt
)
192 return tkt
->enckdcreppart
;
196 * shishi_tkt_encticketreppart_set:
197 * @as: structure that holds information about Ticket exchange
198 * @enckdcreppart: EncKDCRepPart to store in Ticket.
200 * Set the EncKDCRepPart in the Ticket.
203 shishi_tkt_enckdcreppart_set (Shishi_tkt
* tkt
, Shishi_asn1 enckdcreppart
)
205 if (tkt
->enckdcreppart
)
206 shishi_asn1_done (tkt
->handle
, tkt
->enckdcreppart
);
207 tkt
->enckdcreppart
= enckdcreppart
;
212 * @tkt: input variable with ticket info.
214 * Return value: Returns KDC-REP information.
217 shishi_tkt_kdcrep (Shishi_tkt
* tkt
)
223 * shishi_tkt_encticketpart:
224 * @tkt: input variable with ticket info.
226 * Return value: Returns EncTicketPart information.
229 shishi_tkt_encticketpart (Shishi_tkt
* tkt
)
231 return tkt
->encticketpart
;
235 * shishi_tkt_encticketpart_set:
236 * @tkt: input variable with ticket info.
237 * @encticketpart: encticketpart to store in ticket.
239 * Set the EncTicketPart in the Ticket.
242 shishi_tkt_encticketpart_set (Shishi_tkt
* tkt
, Shishi_asn1 encticketpart
)
244 if (tkt
->encticketpart
)
245 shishi_asn1_done (tkt
->handle
, tkt
->encticketpart
);
246 tkt
->encticketpart
= encticketpart
;
251 * @tkt: input variable with ticket info.
253 * Return value: Returns key extracted from enckdcreppart.
256 shishi_tkt_key (Shishi_tkt
* tkt
)
258 if (!tkt
->key
&& tkt
->enckdcreppart
)
262 res
= shishi_enckdcreppart_get_key (tkt
->handle
,
263 tkt
->enckdcreppart
, &tkt
->key
);
264 if (res
!= SHISHI_OK
)
267 else if (!tkt
->key
&& tkt
->encticketpart
)
271 res
= shishi_encticketpart_get_key (tkt
->handle
,
272 tkt
->encticketpart
, &tkt
->key
);
273 if (res
!= SHISHI_OK
)
281 * shishi_tkt_key_set:
282 * @tkt: input variable with ticket info.
283 * @key: key to store in ticket.
285 * Set the key in the EncTicketPart.
287 * Return value: Returns SHISHI_OK iff successful.
290 shishi_tkt_key_set (Shishi_tkt
* tkt
, Shishi_key
* key
)
294 res
= shishi_encticketpart_key_set (tkt
->handle
, tkt
->encticketpart
, key
);
295 if (res
!= SHISHI_OK
)
298 res
= shishi_enckdcreppart_key_set (tkt
->handle
, tkt
->enckdcreppart
, key
);
299 if (res
!= SHISHI_OK
)
309 * @handle: shishi handle as allocated by shishi_init().
310 * @ticket: input variable with ticket.
311 * @enckdcreppart: input variable with auxilliary ticket information.
312 * @kdcrep: input variable with KDC-REP ticket information.
314 * Create a new ticket handle.
316 * Return value: Returns new ticket handle, or %NULL on error.
319 shishi_tkt2 (Shishi
* handle
,
320 Shishi_asn1 ticket
, Shishi_asn1 enckdcreppart
,
325 tkt
= malloc (sizeof (*tkt
));
329 memset (tkt
, 0, sizeof (*tkt
));
331 tkt
->handle
= handle
;
332 tkt
->ticket
= ticket
;
333 tkt
->enckdcreppart
= enckdcreppart
;
334 tkt
->kdcrep
= kdcrep
;
341 * @handle: shishi handle as allocated by shishi_init().
342 * @tkt: output variable with newly allocated ticket.
344 * Create a new ticket handle.
346 * Return value: Returns SHISHI_OK iff successful.
349 shishi_tkt (Shishi
* handle
, Shishi_tkt
** tkt
)
354 t
= malloc (sizeof (*t
));
356 return SHISHI_MALLOC_ERROR
;
357 memset (t
, 0, sizeof (*t
));
361 t
->ticket
= shishi_asn1_ticket (handle
);
362 if (t
->ticket
== NULL
)
364 shishi_error_printf (handle
, "Could not create Ticket: %s\n",
365 shishi_strerror_details (handle
));
366 return SHISHI_ASN1_ERROR
;
369 /* XXX what about tgs's? */
370 t
->enckdcreppart
= shishi_encasreppart (handle
);
371 if (t
->enckdcreppart
== NULL
)
373 shishi_error_printf (handle
, "Could not create EncKDCRepPart: %s\n",
374 shishi_strerror_details (handle
));
375 return SHISHI_ASN1_ERROR
;
378 t
->encticketpart
= shishi_encticketpart (handle
);
379 if (t
->encticketpart
== NULL
)
381 shishi_error_printf (handle
, "Could not create EncTicketPart: %s\n",
382 shishi_strerror_details (handle
));
383 return SHISHI_ASN1_ERROR
;
386 res
= shishi_encticketpart_transited_set (handle
,
388 SHISHI_TR_DOMAIN_X500_COMPRESS
,
390 if (res
!= SHISHI_OK
)
393 res
= shishi_encticketpart_authtime_set
394 (handle
, t
->encticketpart
, shishi_generalize_time (handle
, time (NULL
)));
395 if (res
!= SHISHI_OK
)
398 res
= shishi_encticketpart_endtime_set
399 (handle
, t
->encticketpart
,
400 shishi_generalize_time (handle
, time (NULL
) + 1000));
401 if (res
!= SHISHI_OK
)
404 t
->kdcrep
= shishi_asrep (handle
);
405 if (t
->kdcrep
== NULL
)
407 shishi_error_printf (handle
, "Could not create AS-REP: %s\n",
408 shishi_strerror_details (handle
));
409 return SHISHI_ASN1_ERROR
;
418 shishi_tkt_done (Shishi_tkt
* tkt
)
421 shishi_key_done (&tkt
->key
);
426 shishi_tkt_flags (Shishi_tkt
* tkt
, int *flags
)
428 return shishi_asn1_read_bitstring (tkt
->handle
, tkt
->enckdcreppart
,
433 shishi_tkt_flags_set (Shishi_tkt
* tkt
, int flags
)
437 res
= shishi_encticketpart_flags_set (tkt
->handle
, tkt
->encticketpart
,
439 if (res
!= SHISHI_OK
)
442 res
= shishi_enckdcreppart_flags_set (tkt
->handle
, tkt
->enckdcreppart
,
444 if (res
!= SHISHI_OK
)
451 shishi_tkt_forwardable_p (Shishi_tkt
* tkt
)
455 shishi_tkt_flags (tkt
, &flags
);
457 return flags
& SHISHI_TICKETFLAGS_FORWARDABLE
;
461 shishi_tkt_forwarded_p (Shishi_tkt
* tkt
)
465 shishi_tkt_flags (tkt
, &flags
);
467 return flags
& SHISHI_TICKETFLAGS_FORWARDED
;
471 shishi_tkt_proxiable_p (Shishi_tkt
* tkt
)
475 shishi_tkt_flags (tkt
, &flags
);
477 return flags
& SHISHI_TICKETFLAGS_PROXIABLE
;
481 shishi_tkt_proxy_p (Shishi_tkt
* tkt
)
485 shishi_tkt_flags (tkt
, &flags
);
487 return flags
& SHISHI_TICKETFLAGS_PROXY
;
491 shishi_tkt_may_postdate_p (Shishi_tkt
* tkt
)
495 shishi_tkt_flags (tkt
, &flags
);
497 return flags
& SHISHI_TICKETFLAGS_MAY_POSTDATE
;
501 shishi_tkt_postdated_p (Shishi_tkt
* tkt
)
505 shishi_tkt_flags (tkt
, &flags
);
507 return flags
& SHISHI_TICKETFLAGS_POSTDATED
;
511 shishi_tkt_invalid_p (Shishi_tkt
* tkt
)
515 shishi_tkt_flags (tkt
, &flags
);
517 return flags
& SHISHI_TICKETFLAGS_INVALID
;
521 shishi_tkt_renewable_p (Shishi_tkt
* tkt
)
525 shishi_tkt_flags (tkt
, &flags
);
527 return flags
& SHISHI_TICKETFLAGS_RENEWABLE
;
531 shishi_tkt_initial_p (Shishi_tkt
* tkt
)
535 shishi_tkt_flags (tkt
, &flags
);
537 return flags
& SHISHI_TICKETFLAGS_INITIAL
;
541 shishi_tkt_pre_authent_p (Shishi_tkt
* tkt
)
545 shishi_tkt_flags (tkt
, &flags
);
547 return flags
& SHISHI_TICKETFLAGS_PRE_AUTHENT
;
551 shishi_tkt_hw_authent_p (Shishi_tkt
* tkt
)
555 shishi_tkt_flags (tkt
, &flags
);
557 return flags
& SHISHI_TICKETFLAGS_HW_AUTHENT
;
561 shishi_tkt_transited_policy_checked_p (Shishi_tkt
* tkt
)
565 shishi_tkt_flags (tkt
, &flags
);
567 return flags
& SHISHI_TICKETFLAGS_TRANSITED_POLICY_CHECKED
;
571 shishi_tkt_ok_as_delegate_p (Shishi_tkt
* tkt
)
575 shishi_tkt_flags (tkt
, &flags
);
577 return flags
& SHISHI_TICKETFLAGS_OK_AS_DELEGATE
;
581 shishi_tkt_realm (Shishi_tkt
* tkt
, char *realm
, int *realmlen
)
583 return shishi_ticket_realm_get (tkt
->handle
, tkt
->ticket
, realm
, realmlen
);
587 shishi_tkt_server (Shishi_tkt
* tkt
, char *server
, int *serverlen
)
589 return shishi_ticket_sname_get (tkt
->handle
, tkt
->ticket
,
594 shishi_tkt_server_p (Shishi_tkt
* tkt
, const char *server
)
600 buflen
= strlen (server
) + 1;
601 buf
= malloc (buflen
);
605 res
= shishi_tkt_server (tkt
, buf
, &buflen
);
606 if (res
!= SHISHI_OK
)
613 if (strcmp (server
, buf
) != 0)
625 shishi_tkt_server_realm (Shishi_tkt
* tkt
,
626 char *serverrealm
, int *serverrealmlen
)
628 return shishi_ticket_snamerealm_get (tkt
->handle
, tkt
->ticket
,
629 serverrealm
, serverrealmlen
);
633 shishi_tkt_keytype (Shishi_tkt
* tkt
, int32_t * etype
)
635 return shishi_asn1_read_int32 (tkt
->handle
, tkt
->enckdcreppart
,
636 "key.keytype", etype
);
640 shishi_tkt_keytype_p (Shishi_tkt
* tkt
, int32_t etype
)
645 rc
= shishi_asn1_read_int32 (tkt
->handle
, tkt
->enckdcreppart
,
646 "key.keytype", &tktetype
);
650 return etype
== tktetype
;
654 shishi_tkt_lastreq (Shishi_tkt
* tkt
,
655 char *lrtime
, int *lrtimelen
, int lrtype
)
662 res
= shishi_asn1_number_of_elements (tkt
->handle
, tkt
->enckdcreppart
,
664 if (res
!= SHISHI_OK
)
667 for (i
= 1; i
<= n
; i
++)
669 asprintf (&format
, "last-req.?%d.lr-type", i
);
670 res
= shishi_asn1_read_integer (tkt
->handle
, tkt
->enckdcreppart
,
673 if (res
!= SHISHI_OK
)
674 return SHISHI_ASN1_ERROR
;
676 if (lrtype
== tmplrtype
)
678 asprintf (&format
, "last-req.?%d.lr-value", i
);
679 res
= shishi_asn1_read (tkt
->handle
, tkt
->enckdcreppart
,
680 format
, lrtime
, lrtimelen
);
682 if (res
!= SHISHI_OK
)
683 return SHISHI_ASN1_ERROR
;
693 shishi_tkt_lastreqc (Shishi_tkt
* tkt
, Shihi_lrtype lrtype
)
695 char lrtime
[GENERALIZEDTIME_TIME_LEN
+ 1];
700 lrtimelen
= sizeof (lrtime
);
701 res
= shishi_tkt_lastreq (tkt
, lrtime
, &lrtimelen
, lrtype
);
702 if (res
!= SHISHI_OK
)
705 lrtime
[GENERALIZEDTIME_TIME_LEN
] = '\0';
707 t
= shishi_generalize_ctime (tkt
->handle
, lrtime
);
713 shishi_tkt_lastreq_pretty_print (Shishi_tkt
* tkt
, FILE * fh
)
717 t
= shishi_tkt_lastreqc (tkt
, SHISHI_LRTYPE_LAST_INITIAL_TGT_REQUEST
);
718 if (t
!= (time_t) - 1)
719 fprintf (fh
, _("Time of last initial request for a TGT:\t%s"),
722 t
= shishi_tkt_lastreqc (tkt
, SHISHI_LRTYPE_LAST_INITIAL_REQUEST
);
723 if (t
!= (time_t) - 1)
724 fprintf (fh
, "Time of last initial request:\t%s", ctime (&t
));
726 t
= shishi_tkt_lastreqc (tkt
, SHISHI_LRTYPE_NEWEST_TGT_ISSUE
);
727 if (t
!= (time_t) - 1)
729 "Time of issue for the newest ticket-granting ticket used:\t%s",
732 t
= shishi_tkt_lastreqc (tkt
, SHISHI_LRTYPE_LAST_RENEWAL
);
733 if (t
!= (time_t) - 1)
734 fprintf (fh
, "Time of the last renewal:\t%s", ctime (&t
));
736 t
= shishi_tkt_lastreqc (tkt
, SHISHI_LRTYPE_LAST_REQUEST
);
737 if (t
!= (time_t) - 1)
738 fprintf (fh
, "Time of last request:\t%s", ctime (&t
));
744 shishi_tkt_authtime (Shishi_tkt
* tkt
, char *authtime
, int *authtimelen
)
746 return shishi_asn1_field (tkt
->handle
, tkt
->enckdcreppart
,
747 authtime
, authtimelen
, "authtime");
751 shishi_tkt_authctime (Shishi_tkt
* tkt
)
753 char authtime
[GENERALIZEDTIME_TIME_LEN
+ 1];
758 authtimelen
= sizeof (authtime
);
759 res
= shishi_tkt_authtime (tkt
, authtime
, &authtimelen
);
760 if (res
!= SHISHI_OK
)
763 authtime
[GENERALIZEDTIME_TIME_LEN
] = '\0';
765 t
= shishi_generalize_ctime (tkt
->handle
, authtime
);
771 shishi_tkt_starttime (Shishi_tkt
* tkt
, char *starttime
, int *starttimelen
)
773 return shishi_asn1_optional_field (tkt
->handle
, tkt
->enckdcreppart
,
774 starttime
, starttimelen
, "starttime");
778 shishi_tkt_startctime (Shishi_tkt
* tkt
)
780 char starttime
[GENERALIZEDTIME_TIME_LEN
+ 1];
785 starttimelen
= sizeof (starttime
);
786 res
= shishi_tkt_starttime (tkt
, starttime
, &starttimelen
);
787 if (res
!= SHISHI_OK
|| starttimelen
== 0)
790 starttime
[GENERALIZEDTIME_TIME_LEN
] = '\0';
792 t
= shishi_generalize_ctime (tkt
->handle
, starttime
);
798 shishi_tkt_endtime (Shishi_tkt
* tkt
, char *endtime
, int *endtimelen
)
800 return shishi_asn1_field (tkt
->handle
, tkt
->enckdcreppart
,
801 endtime
, endtimelen
, "endtime");
805 shishi_tkt_endctime (Shishi_tkt
* tkt
)
807 char endtime
[GENERALIZEDTIME_TIME_LEN
+ 1];
812 endtimelen
= sizeof (endtime
);
813 res
= shishi_tkt_endtime (tkt
, endtime
, &endtimelen
);
814 if (res
!= SHISHI_OK
)
817 endtime
[GENERALIZEDTIME_TIME_LEN
] = '\0';
819 t
= shishi_generalize_ctime (tkt
->handle
, endtime
);
825 shishi_tkt_renew_till (Shishi_tkt
* tkt
, char *renewtill
, int *renewtilllen
)
827 return shishi_asn1_optional_field (tkt
->handle
, tkt
->enckdcreppart
,
828 renewtill
, renewtilllen
, "renew-till");
832 shishi_tkt_renew_tillc (Shishi_tkt
* tkt
)
834 char renewtill
[GENERALIZEDTIME_TIME_LEN
+ 1];
839 renewtilllen
= sizeof (renewtill
);
840 res
= shishi_tkt_renew_till (tkt
, renewtill
, &renewtilllen
);
841 if (res
!= SHISHI_OK
|| renewtilllen
== 0)
844 renewtill
[GENERALIZEDTIME_TIME_LEN
] = '\0';
846 t
= shishi_generalize_ctime (tkt
->handle
, renewtill
);
852 shishi_tkt_valid_at_time_p (Shishi_tkt
* tkt
, time_t now
)
854 time_t starttime
, endtime
;
856 starttime
= shishi_tkt_startctime (tkt
);
857 if (starttime
== (time_t) - 1)
858 starttime
= shishi_tkt_authctime (tkt
);
859 endtime
= shishi_tkt_endctime (tkt
);
861 return starttime
<= now
&& now
<= endtime
;
865 shishi_tkt_valid_now_p (Shishi_tkt
* tkt
)
867 return shishi_tkt_valid_at_time_p (tkt
, time (NULL
));
871 shishi_tkt_pretty_print (Shishi_tkt
* tkt
, FILE * fh
)
876 int keytype
, etype
, flags
;
880 buflen
= sizeof (buf
);
882 res
= shishi_tkt_cnamerealm (tkt
, buf
, &buflen
);
883 if (res
!= SHISHI_OK
)
886 fprintf (fh
, "%s:\n", buf
);
888 t
= shishi_tkt_authctime (tkt
);
889 fprintf (fh
, _("Authtime:\t%s"), ctime (&t
));
891 t
= shishi_tkt_startctime (tkt
);
892 if (t
!= (time_t) - 1)
893 fprintf (fh
, _("Starttime:\t%s"), ctime (&t
));
895 t
= shishi_tkt_endctime (tkt
);
897 p
[strlen (p
) - 1] = '\0';
898 fprintf (fh
, _("Endtime:\t%s"), p
);
899 if (!shishi_tkt_valid_now_p (tkt
))
900 fprintf (fh
, " (EXPIRED)");
903 t
= shishi_tkt_renew_tillc (tkt
);
904 if (t
!= (time_t) - 1)
905 fprintf (fh
, _("Renewable until:\t%s"), ctime (&t
));
907 buflen
= sizeof (buf
);
909 res
= shishi_tkt_server (tkt
, buf
, &buflen
);
910 if (res
!= SHISHI_OK
)
913 res
= shishi_ticket_get_enc_part_etype (tkt
->handle
, tkt
->ticket
, &keytype
);
914 if (res
!= SHISHI_OK
)
916 fprintf (fh
, _("Server:\t\t%s key %s (%d)\n"), buf
,
917 shishi_cipher_name (keytype
), keytype
);
919 res
= shishi_tkt_keytype (tkt
, &keytype
);
920 if (res
!= SHISHI_OK
)
922 res
= shishi_kdcrep_get_enc_part_etype (tkt
->handle
, tkt
->kdcrep
, &etype
);
923 if (res
!= SHISHI_OK
)
925 fprintf (fh
, _("Ticket key:\t%s (%d) protected by %s (%d)\n"),
926 shishi_cipher_name (keytype
), keytype
,
927 shishi_cipher_name (etype
), etype
);
930 res
= shishi_tkt_flags (tkt
, &flags
);
931 if (res
!= SHISHI_OK
)
935 fprintf (fh
, _("Ticket flags:\t"));
936 if (shishi_tkt_forwardable_p (tkt
))
937 fprintf (fh
, "FORWARDABLE ");
938 if (shishi_tkt_forwarded_p (tkt
))
939 fprintf (fh
, "FORWARDED ");
940 if (shishi_tkt_proxiable_p (tkt
))
941 fprintf (fh
, "PROXIABLE ");
942 if (shishi_tkt_proxy_p (tkt
))
943 fprintf (fh
, "PROXY ");
944 if (shishi_tkt_may_postdate_p (tkt
))
945 fprintf (fh
, "MAYPOSTDATE ");
946 if (shishi_tkt_postdated_p (tkt
))
947 fprintf (fh
, "POSTDATED ");
948 if (shishi_tkt_invalid_p (tkt
))
949 fprintf (fh
, "INVALID ");
950 if (shishi_tkt_renewable_p (tkt
))
951 fprintf (fh
, "RENEWABLE ");
952 if (shishi_tkt_initial_p (tkt
))
953 fprintf (fh
, "INITIAL ");
954 if (shishi_tkt_pre_authent_p (tkt
))
955 fprintf (fh
, "PREAUTHENT ");
956 if (shishi_tkt_hw_authent_p (tkt
))
957 fprintf (fh
, "HWAUTHENT ");
958 if (shishi_tkt_transited_policy_checked_p (tkt
))
959 fprintf (fh
, "TRANSITEDPOLICYCHECKED ");
960 if (shishi_tkt_ok_as_delegate_p (tkt
))
961 fprintf (fh
, "OKASDELEGATE ");
962 fprintf (fh
, "(%d)\n", flags
);
969 shishi_tkt_decrypt (Shishi_tkt
* tkt
, Shishi_key
* key
)
972 Shishi_asn1 encticketpart
;
974 rc
= shishi_ticket_decrypt (tkt
->handle
, tkt
->ticket
, key
, &encticketpart
);
978 tkt
->encticketpart
= encticketpart
;